[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Restricting read access to one file

From: Fredrik Bostrom <fredrik.bostrom_at_helsinki.fi>
Date: 2005-06-07 14:46:26 CEST

Thanks for your tips.

I finally got it working by adding another <Location> element after the
standard <Location /svn> element, like this:

<Location /svn> <!-- old element -->
   DAV svn
   SVNPath /var/svnroot
   AuthType Basic
   AuthName "Subversion Repository"
   AuthUserFile /etc/apache2/dav_svn.passwd
   AuthzSVNAccessFile /etc/apache2/dav_svn.authz
   Satisfy Any
   Require valid-user
</Location>

<Location ~ "/svn/.*(secret.file)$"> <!-- new element -->
   AuthType Basic
   AuthName "Restricted read access"
   AuthUserFile /etc/apache2/dav_svn.passwd
   AuthzSVNAccessFile /etc/apache2/dav_svn_noread.authz
   Satisfy Any
   Require valid-user
</Location>

And the authz files looks like this:
--- dav_svn.authz ---
[groups]
devs = john, jane

[/]
john = rw
* = r

[/projectone]
@devs = rw
* = r

--- dav_svn_noread.authz ---
[groups]
devs = john, jane

# here the root corresponds to the secret.file
[/]
@devs = rw

Best regards,
   Fredrik Boström

Miha Vitorovic wrote:
> Doh!
>
> How about this then [I haven't tried it, though]:
>
> Create a special a special Authorization file that gives read acces only
> to those people that need it.
>
> Use reg-exp in the apache httpd.conf file to achieve what you need.
>
> From the apache documentation:
> --- cut 'ere ---
> Extended regular expressions can also be used, with the addition of the ~
> character. For example:
> <Location ~ "/(extra|special)/data">
> --- cut 'ere ---
>
> Something like this:
>
> <Location ~ "your-specail-file">
> DAV svn
> SVNPath C:/repo
>
> AuthType Basic
> AuthName "Special file access"
> AuthUserFile c:/etc/htpasswd
>
> Require valid-user
>
> AuthzSVNAccessFile c:/etc/your-special-auth-file
> </Location>
>
> Cheers,
> ---
> Miha Vitorovic
> Inženir v tehničnem področju
> Customer Support Engineer
>
> NIL Data Communications, Tivolska cesta 48, 1000 Ljubljana, Slovenia
> Phone +386 1 4746 500 Fax +386 1 4746 501 http://www.NIL.si
>
> "Max Bowsher" <maxb@ukf.net> wrote on 07.06.2005 12:24:59:
>
>
>>Miha Vitorovic wrote:
>>
>>>It seems to me that 'pre-commit' hook script is an excellent
>
> candidate
>
>>>for just this sort of thing...
>>
>>No. That will work for *write* access, but the question asked is about
>>*read* access.
>>
>>Max.
>>
>>
>>>---
>>> Miha Vitorovic
>>> Inženir v tehničnem področju
>>> Customer Support Engineer
>>>
>>> NIL Data Communications, Tivolska cesta 48, 1000 Ljubljana,
>
> Slovenia
>
>>> Phone +386 1 4746 500 Fax +386 1 4746 501 http://www.NIL.si
>>>
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Tue Jun 7 14:50:04 2005

This is an archived mail posted to the Subversion Users mailing list.